...s important for you and important for my continuing business that I
don't unwittingly send you an infected product.

Public key plus DES. Because public key uses more computer
power than DES, companies such as pay-per-view cable providers are using
combination systems to perform what's called "key management." Instead of
encrypting the entire movie, for example, the cable operator simply uses
public key to encrypt the DES key that will allow you to "unlock" the
channel and view the movies you paid for.

The extra authentication step isn't necessary because your key is
built into your cable decoder box, or into a "smart card" provided to
you by the cable company.

...today's credit cards, there is no personal identification tied to
the transaction.

Companies like A-Squared Systems in Oakland, CA, and researchers
such as David Chaum at the Center for Math and Computer Science at the
University of Netherlands in...
World's Largest Wholesale Distributor to Market ActivCard Strong
Authentication Solutions.

PR Newswire, p0632 
July 28, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 749

the creation, distribution, protection and control of credentials 
provided for user authentication and digital signature — static passwords, 
dynamic passwords and Public Key Infrastructure (PKI) certificates 
and keys. These services are delivered in the form of a multi-function, 
multi application token or smart card, or any Internet-connected device 
(i.e. mobile phone, set top box, PDA). 

Corporate Wallet technology utilizes the current management 
infrastructure to enhance present authentication methods and support 
emerging security and...
01832119 Supplier Number: 54174263 (USE FORMAT 7 FOR FULLTEXT)
Deutsche Telekom and Baltimore to Integrate Security Technology. 

Business Wire, p0381 
March 22, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 782 

...with more than 6 million mobile telephony customers. At present,
17.7 million homes are connected to Deutsche Telekom's cable television
network. With 10 million ISDN channels, Deutsche Telekom has more than 46.5
million telephone lines in service. With 3...

...develops and markets security products and services for a wide range of
e-commerce and enterprise applications. Its products include Public Key
Infrastructure (PKI) systems, cryptographic toolkits, security applications
and hardware cryptographic devices.

Baltimore UniCERT is a modular, scalable, multipurpose Certificate
Authority (CA) which issues and manages digital certificates for a wide
range of applications including email, browsers and virtual private
networks. Baltimore PKI-Plus is a developer toolkit...
01810053 Supplier Number: 53893430 (USE FORMAT 7 FOR FULLTEXT)
PRASARA Teams With Diversinet To Provide Secure ITV Transactions. 

PR Newswire, p6571 
Feb 17, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 351 

Diversinet Corp. is a leading provider of digital certificate
management tools and developer of a unique public-key infrastructure
(PKI) security authentication technology.

PRASARA will embed Diversinet's PKI technology into its e-commerce
interactive television services, including...

...Out TV(R) (food delivery services). PRASARA's applications can run on
any interactive television platform, and on any digital set-top box.

Diversinet's PKI technology obtains and verifies the validity of
transactions through a single-step process.

"The efficiency and...
Diversinet Corp Announces The Hiring Of A New Vice President Of Sales.

Business Wire, p1035
Jan 22, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 437 

...make tremendous gains in the marketing of our security solutions
for applications like smart card authorizations, Internet services and
digital set-top box services. We expect Mr. Ramoutar's ability,
contacts and resources will be parlayed into future sales and growth for...

...the leading corporations across a broad range of industries."

Diversinet Corp. (www.dvnet.com) is a leading provider of digital
certificate management tools and a developer of public key
infrastructure (PKI) technology required for corporate networks, Intranets
and the Internet for electronic commerce. Diversinet's proprietary PKI
technology offers...
ComStream Chooses Diversinet to Deliver Secure Digital Satellite PC Card.

Business Wire, p7290061 
July 29, 1998 

Language: English Record Type: Fulltext 
Article Type: Article 
Document Type: Newswire; Trade 
Word Count: 475 

industry. Products include satellite modems and earth stations,
broadcast systems, the MediaCast (TM) Satellite PC/server Receiver card, and
digital set-top boxes.

Founded in 1984, ComStream was acquired by Spar Aerospace Limited in
1992, and is a wholly owned subsidiary. Spar is a publicly owned company
based in Toronto, Canada. (www.spar.ca)

About Diversinet

Diversinet Corp. (www.dvnet.com) is a leading provider of Digital
Certificate management tools and a developer of public-key
infrastructure (PKI) technology required for corporate networks, Intranets
and the Internet for electronic commerce. Diversinet's proprietary PKI
technology offers...
Reverse
Language: English Record Type: Fulltext
Document Type: Newswire; Trade 
Word Count: 1250 

architecture that permits the RISC CPU, graphics engine, and the MPEG-2
processor to dynamically share available memory, significantly increasing
set-top capabilities and affordability.

— Scientific-Atlanta's PowerKEY (TM) digital conditional access system.
The PowerKEY system is the first conditional access (CA) system that
uses both public and private key cryptography to meet security demands
of broadcast and interactive network applications. With PowerKEY CA,
theft of service, falsified or denied orders, and vandalism of software
and databases can be curtailed. Sensitive information can be encrypted
and decrypted, and message content can be authenticated. The PowerKEY
system incorporates both Scientific-Atlanta technologies and public key
technologies from RSA Data Security, Inc., and Cylink Corporation.

— The PowerTV(TM) Operating System, designed specifically for advanced
television devices...

...into a single package. In addition to supporting standards, these chips
will support the PowerTV operating system and the PowerKEY conditional
access system.

In addition to Explorer set-tops, Scientific-Atlanta provides most
major components of an end-to-end digital broadband system, including
satellite receivers, Broadband Integrated Gateways...
COMMERCENET CONSORTIUM: CommerceNet/Nielsen Internet and Ecommerce Survey
M2 Presswire, pNA
March 8, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 955 

...I/Pro, Internet Shopping Network, Netscape, Open Market SAQQARA,
and Terisa Systems. CommerceNet also created and operated the first online
Public Key Certificate Authority.

About Nielsen Media Research

Nielsen Media Research is the leading provider of media research
services in the U.S. and Canada. It is the producer of the Nielsen TV
ratings and the leading provider of broadcast and cable television
information services, both nationally and locally. Through its Interactive
Services division, Nielsen Media Research develops audience measurements
and custom research...
RPK SECURITY: RPK Security provides encryption for VPN via satellite.

M2 Presswire, pNA
Jan 21, 1999 

Language: English Record Type: Fulltext 
Document Type: Newswire; Trade 
Word Count: 456 



RDATE: 190199 

SAN FRANCISCO, CA — RPK Security, Inc., a technology leader in
strong and fast public key encryption, today announced an agreement with
Communicado Data...

...encryption technology into Communicado's SatLink fast Internet data via
satellite products.

RPK's Encryptonite Engine combines the benefits of public key
encryption systems with the speed of secret key systems in one algorithm.
Coupled with Communicado's SatLink system, RPK's...

...is easily intercepted. Therefore, strong and fast encryption is required
to provide the privacy customers expect. Most existing solutions use
Conditional Access technologies designed for subscription television,
which are expensive and don't provide positive authentication of sender or
receiver. RPK's Encryptonite Engine provides both encryption and
authentication. And since it is a public key system, it's also easy to
manage.

Custom software development for the SatLink project is being done by
ITCG, a...
DIALOG (R) File 636: Gale Group Newsletter DB(TM)
(c) 2004 The Gale Group. All rts. reserv.

03999650 Supplier Number: 53140192 (USE FORMAT 7 FOR FULLTEXT)
Microsoft Windows Card OS.

M2 Presswire, pNA 
Oct 27, 1998 

Language: English Record Type: Fulltext 
Word Count: 663

using the new Microsoft smart card operating system - the Windows 
Card, which was launched today. 

iD2 Technologies will enhance its Certificate Manager product to
support the Windows Card for enterprise solutions and large scale public
applications. iD2 will develop new PKI (Public Key Infrastructure)
functionality and features for Microsoft's card components and
applications.

Bjorn Gustavsson, president of iD2 Technologies, said: "The launch...

...Windows Card by Microsoft further ensures that smart card technology is
the future standard for security on the Internet. PCs, set-top boxes,
mobile phones and other digital devices are now being equipped with smart
card reading facilities as standard opening the...
High-performance encryption chip from VLSI to ship by fall

InfoWorld, p48 
March 6, 1995 

Language: English Record Type: Abstract 
Document Type: Magazine/Journal; Trade

ABSTRACT:

VLSI Technology Inc, based in San Jose, CA, plans to start shipping the
VL06868, its high-performance encryption chip, by the fall of 1995. The
chip is expected to find use in CD-ROMs, cellular telephones, information
delivery systems, set-top boxes, smart cards, and wireless networks.
The VL06868 is expected to be embedded in various hardware and software
platforms, including the Information Vending Encryption System (IVES) by
American Tel & Tel. The chip uses Diffie-Hellman-based public key
encryption.



7/3,K/12 (Item 1 from file: 148) 

DIALOG (R) File 148: Gale Group Trade & Industry DB 
(c)2004 The Gale Group. All rts. reserv. 

10589876 SUPPLIER NUMBER: 53173826 (USE FORMAT 7 OR 9 FOR FULL TEXT) 

Tomorrow Begins Today at Net Security Firm. 
both and likes what they are doing in software and browser products
to incorporate, and further the cause of, digital certificates.
Meanwhile, it is cheering computer-keyboard, set-top box, and
hand-held-device manufacturers for beginning to build in smart card
readers.

Verisign Inc., a Silicon Valley neighbor, and Entrust Technologies
Inc., a Richardson, Tex., spinoff of Northern Telecom of Canada, blazed the
certification industry's trail to the initial public offering market this
year. Spyrus crosses paths with them and hopes to better...

...I applaud them," said Ms. Pontius.

"We are out to accelerate the marketplace-we need Entrust and
Verisign and more" certificate authorities, Ms. Pontius said. "With
multiple products, the best of breed will win. How many public key
smart cards are there today? Entrust and Verisign's revenues are minuscule
compared to what this industry is going to...
New Entrust-Ready Solutions, Technology Achievements and Business
Relationships Announced at Entrust Secure Summit '99

Business Wire 

Tuesday, June 15, 1999 09:36 EDT 

JOURNAL CODE: BW LANGUAGE: ENGLISH RECORD TYPE: FULLTEXT 
DOCUMENT TYPE: NEWSWIRE 
WORD COUNT: 1,469

...Organizations using Entrust's e-business solutions will have
the option to benefit from nCipher's nFast/KM and nFast/CA hardware key
management solutions which protect sensitive cryptographic keys in
Federally-certified tamper-resistant hardware, and accelerate digital
signatures by offloading cryptographic processing from host server to a
dedicated peripheral. http://www.ncipher.com

- NDS Americas, Inc.: The leading provider of conditional access
technology for Pay TV, has joined the new Entrust Alliance Developer
Program. The NDS AccessGear (TM) system for smart card based network
security will undergo functionality testing with Entrust to offer
secure public-key smart cards and management solutions for enterprises
deploying Entrust/PKI (TM). http://www.ndsworld.com
...SPECIFICATION to MUX 200 encapsulated in EMM 111.

MSK 208 and other parts of EMM 111 are preferably encrypted using a
public key algorithm, such as the well-known RSA algorithm, with a
public key associated with the specific set-top box 113 to which
the EMM is addressed. The public keys of all set-top boxes 113 in
a system 101 are stored in Public Key Data Base 207. The public
keys in this data base are preferably certified by a certificate
authority. The digital signature function in 206 is preferably the RSA
digital signature method, although others could be used. In...

...unit_message 1011 will be examined in more detail later.

EMM Structure Details: FIG. 11

FIG. 11 shows a CA message 805 which contains an EMM 1112. CA message
805 has a header 1003, a CA EMM message 1101, and...

...information from the EMM_inside_header. This
information is particularly sensitive and is consequently encrypted by
both the public key of DHCT 333, for privacy reasons, and the private
key of the entitlement agent or the conditional access authority, to
apply a digital signature. Upon reception, and after the privacy
decryption, if the signature verification fails, the EMM is discarded by
DHCT 333. Included in this information are an ID for the conditional
access system, the type of the CA message, the serial number of the
microprocessor in the DHCT's DHCTSE 627, an identifier for the CAA or EA



a processor for performing a secure hash. 



...control word; and

a transmission device for transmitting said source authentication token,
said control word, and said download information;

a set top terminal for verifying an information source, said set
top terminal comprising:

a port for receiving a message comprising said download information,
said source authentication token, and said control word from said
entitlement agent;

a memory for storing a public key that is included in said public-private
key pair;

a decryptor coupled to said port for decrypting said control word using
said public key;

a processor coupled to said decryptor for performing a secure hash
function having as inputs said control word and said...

...download information as authentic when the two are the same; and

a communication medium for coupling said certification authority, said
set top terminal; and said entitlement agent.

11. The cable television system of claim 10, wherein said entitlement
agent can authenticate different types of download information.

12. The cable television system...
...SPECIFICATION to MUX 200 encapsulated in EMM 111.

The geo-political CA certificate 2807 shown in FIG. 28, is not
required to operate the normal conditional access and electronic
activities ...of the operator's DBDS. In this case, the signature chains
may be readily linked to those of geo-political CA and its signature
2807 by having the public keys of one or all of the DHCT root
signature 2804, the Root CAA signature 2808 or operator CAA signatures
2802 certified by the geo-political CA signature. This is
accomplished by having a certificate placed in a database for each of
the public keys associated with signatures 2804, 2808 and 2802. Said
certificate is...
...SPECIFICATION with a user. The headend includes hardware that receives
video and distributes it to the set top boxes within the CA system.
Select set top boxes are allowed to decode certain video programs
according to entitlement information sent by the cable...

...pay per view program, an entitlement message is broadcast in encrypted
form to all set top boxes. Only the particular set top box the
entitlement message is intended for can decrypt it. Inside the decrypted
entitlement message is a key that will decrypt the pay per view program.
With that key, the set top box decrypts the pay per view program as
it is received in real-time. Some systems sign entitlement messages.

As described above, conventional CA systems only check entitlement of
content upon receipt. More sophisticated techniques are always desired to
further ensure against content being received from unintended sources.

WO-A-98/56180 discloses a global conditional access system for
broadcast services. US-A-5005200 discloses a public key/signature
cryptosystem with enhanced digital signature certification.

SUMMARY OF THE INVENTION

The invention is as set out in sending method claim 1, receiving method
claim 8 and system claim 14.

According to the invention, disclosed are an apparatus and methods for
authenticating information sent to a set top box. In one embodiment,
a method for distributing information that includes a signature is
disclosed. In one step the signature...
...SPECIFICATION program guide providers, and in certain cases internet
service providers.

A system in accordance with the present invention may utilize public
key technology. Typically, such a system utilizes one public key
(corresponding to a smart card) for all service providers. Each smart
card has stored therein a secret private key that can decrypt messages
encrypted by the public key. The service provider sends a
conditional access (CA) entitlement message (i.e., an Entitlement
Control Message or ECM) in the bit stream encrypted by the public key
that may contain the name of the service provider, and the name, time,
and cost of the program. This message...

...services can be purchased by the user. At some appropriate preprogrammed
time, the smart card causes the device (e.g., set-top box) to
automatically place a telephone call to the CA center. Using a secure
channel, the CA center in cooperation with a bank receives billing
information from the smart card ... system, which may be utilized to manage
access to copies of restricted programs, for example, scrambled (or
encrypted) programs. A conditional access system may be integrated
into a renewable security device, such as a smart card complying to the
National Renewable Security Standard (NRSS), EIA-679 Part A or Part B.
The conditional access system, when implemented within a digital
television (DTV), set-top box (STB), or the like, permits a user to
view only legitimate copies of the scrambled program. The functionality
of the smart card may be embedded within the DTV or STB.

A Certificate Authority (not shown) issues digital certificates and
public and private key pairs, which are used as explained below. It
is within the scope of this invention that the role of the certificate
authority may be performed by the service providers in collaboration with
the manufacturers of the devices. A billing center may... the
broadcasters, and the corresponding private key is placed in the
tamper-proof NRSS-based smart cards, distributed by the CA providers to
the consumers. This public key is used to protect the ECMs generated at
the head-end. It is...

...than DES.

Symmetric key cryptography involves the use of the same key for both
encryption and decryption. The foundation of public-key cryptography
is the use of two related keys, one public and one private. The private
key is a secret key, and it is computationally unfeasible to deduce the
private key from the public key, which is publicly available. Anyone
with a public key can encrypt a message, but only the person or
device having the associated and predetermined private key can decrypt
it.

A digital home network 10, as depicted in Figure 1, is a cluster of
digital audio/visual (A/V) devices including set-top-boxes 12, TVs 14,
VCRs 16, DVD players 18 and general-purpose computing devices (not shown)
such as personal computers...
...SPECIFICATION accesses between carousels may also be employed for
purposes of verifying the authenticity of carousels or modules received
by a set-top box. A carousel (or more particularly its directory
module) may contain a certificate encrypted with the private key of the
producer. The set-top box, having a copy of the producer's public
key, can verify that the carousel came from the producer by decrypting
the certificate using the public key. The use of hash functions as
described above may also be employed to ensure the authenticity of the
non-directory...
...SPECIFICATION are stored in RAM 37, where they are available for use by
applications executing in the control system 35. The set-top box may
employ a security mechanism to ensure that the carousels and/or
particular modules which are being downloaded...

...the private key. Likewise, a file which is encrypted with the private
key can only be decrypted with the public key. Thus, when a public-key
encrypted message is sent to the owner, the sender can be assured
that, even if the message is intercepted, only...

...who holds the private key) can decrypt it and read the message.

The set-top box maintains copies of the public keys of one or more
...SPECIFICATION accesses between carousels may also be employed for
purposes of verifying the authenticity of carousels or modules received
by a set-top box. A carousel (or more particularly its directory
module) may contain a certificate encrypted with the private key of the
producer. The set-top box, having a copy of the producer's public
key, can verify that the carousel came from the producer by decrypting
the certificate using the public key. The use of hash functions as
described above may also be employed to ensure the authenticity of the
non-directory...
...SPECIFICATION are stored in RAM 37, where they are available for use by
applications executing in the control system 35. The set-top box may
employ a security mechanism to ensure that the carousels and/or
particular modules which are being downloaded...

...the private key. Likewise, a file which is encrypted with the private
key can only be decrypted with the public key. Thus, when a public-key
encrypted message is sent to the owner, the sender can be assured
that, even if the message is intercepted, only...

...who holds the private key) can decrypt it and read the message.

The set-top box maintains copies of the public keys of one or more
trusted parties. When the set-top box receives a directory module, it
checks the module for a certificate signed with the private key of the
producer. The certificate contains a producer's certificate, which is the
producer's public key, signed by a trusted party. The set-top
box, having a copy of the trusted party's public key, can verify that
the producer's certificate (the producer's public key) is authentic.
Then, the producer's authenticated public key can be used to verify
that the certificate is unaltered. The security mechanism may also
include performing a hash function over the modules and including the
hash value...
...SPECIFICATION 0 658 054 discloses generating a descrambling key using
two pieces of transmitted data.

Summary of the Invention

In a conditional access (CA) system, the signals are usually
scrambled using symmetric ciphers such as the Data Encryption Standard
(DES). For security reasons, the...

...few seconds. The protection of the descrambling keys, which need to be
sent with the signals, is often provided by public-key cryptography.
Public-key cryptography introduces problems associated with the
public key infrastructure and distribution of the keys. This invention
resides, in part, in recognition of the described problem and, in part...

DTV 40 can receive services from a plurality of service providers (SPs),
such as a broadcast television SP 50, a cable television SP 52, a
satellite system SP 54, and an internet SP 56. Conditional Access
Organization (CA) 75 is not directly connected to either the service
providers or STB 40 but deals with key management and issues public and
private key pairs which may be used, if necessary, as explained below.

The present invention employs the concept of secret sharing which
eliminates the requirement for using public key cryptography to
ensure secure transmission of the audio/visual (A/V) stream from a
service provider. A variation of a...
...SPECIFICATION to MUX 200 encapsulated in EMM 111.

MSK 208 and other parts of EMM 111 are preferably encrypted using a
public key algorithm, such as the well-known RSA algorithm, with a
public key associated with the specific set-top box 113 to which
the EMM is addressed. The public keys of all set-top boxes 113 in
a system 101 are stored in Public Key Data Base 207. The public
keys in this data base are preferably certified by a certificate
authority. The digital signature function in 206 is preferably the RSA
digital signature method, although others could be used. In...

...unit_message 1011 will be examined in more detail later.

EMM Structure Details: FIG. 11

FIG. 11 shows a CA message 805 which contains an EMM 1112. CA message
805 has a header 1003, a CA EMM message 1101, and information is
particularly sensitive and is consequently encrypted by both the public
key of DHCT 333, for privacy reasons, and the private key of the
entitlement agent or the conditional access authority, to apply a
digital signature. Upon reception, and after the privacy decryption, if
the signature verification fails, the EMM is discarded by DHCT 333.
Included in this information are an ID for the conditional access
system, the type of the CA message, the serial number of the
microprocessor in the DHCT's DHCTSE 627, an identifier for the CAA or EA
which is the source of the EMM, an indication of which of the three
public keys for the CAA in DHCT 333's secure element is to be used to
decrypt the sealed digest, and an...

...of the operations performed using EMMs.

Details of DHCTSE 627: FIGs. 12-14

DHCTSE 627 has five main functions in conditional access system
601:

* It securely stores keys including the public and private keys for
DHCT 333, public keys for the CAA, public keys for EAs from which
DHCT 333 is authorized to receive services, and MSKs provided by those
EAs.

* It securely stores...

...operations performed by DHCTSE 627, code for interpreting EMMs 1313,
code for interpreting ECMs 1321, and code for handling other CA
messages such as the FPM and the GBAM. Code 1307 includes code 1308 for
the MD5 one-way hash algorithm, the code 1309 for the RSA public key
algorithm, and the code 1311 for the 3DES algorithm. EMM code 1313 falls
into three classes: code 1315 which interprets EMMs received from a
conditional access authority, code 1317 which interprets EMMs employed
by the entitlement agents to configure the storage allocation they
receive from the ... installed in DHCTSE 627 when DHCTSE 627 is
manufactured.

In a preferred embodiment, the manufacturer of DHCT 333 maintains a
certified database which has the serial number of each DHCT together
with the pair of public keys belonging to it. When...

...keys for the DHCT. The manufacturer thus functions as the certification
authority for the keys. Control suite 607 stores the public keys in a
database of its own. For details on key certification, see Schneier,
supra, pages 425-428. Getting the public keys for the DHCT from the
manufacturer has two advantages: first, it solves the problem of
certifying the keys; second, because the public keys come from the
manufacturer and not from DHCT 333, there is no requirement in
conditional access system 601 that DHCT 333 have a reverse path to
control suite 607.

CAA keys 1329 are public keys for the conditional access
authority. In a preferred embodiment, CAA keys 1329 include three public
keys for the conditional access authority. These keys are
originally installed when DHCTSE 627 is manufactured, but may be changed
in response to EMMs, as ... operator may have a plurality of EAs. In a
preferred embodiment, there is a different EA and an associated EA
certificate 2803 for every operating site of any given operator. This
ensures that DHCTs can not be migrated between operational sites without
the knowledge and participation of the operator CAA signature 2802.

The geo-political CA certificate 2807 shown in FIG. 28, is not
required to operate the normal conditional access and electronic
activities of the operator. However, the operator may desire to link its
signature chain into a larger chain...

...of the operator's DBDS. In this case, the signature chains may be
readily linked to those of geo-political CA and its signature 2807 by
having the public keys of one or all of the DHCT root signature 2804,
the Root CAA signature 2808 or operator CAA signatures 2802 certified
by the geo-political CA signature. This is accomplished by having a
certificate placed in a database for each of the public keys associated
with signatures 2804, 2808 and 2802. Said certificate is...
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...SPECIFICATION to MUX 200 encapsulated in EMM 111. 

MSK 208 and other parts of EMM 111 are preferably encrypted using a 
public key algorithm, such as the well-known RSA algorithm, with a 
public key associated with the specific set - top box 113 to which 
the EMM is addressed. The public keys of all set - top boxes 113 in 
a system 101 are stored in Public Key Data Base 207. The public 
keys in this data base are preferably certified by a certificate 
authority. The digital signature function in 206 is preferably the RSA 
digital signature method, although others could be used. In... 
underscore) message 1011 will be examined in more detail later. 

EMM Structure Details: FIG. 11 

FIG. 11 shows a CA message 805 which contains an EMM 1112. CA message 
805 has a header 1003, a CA EMM message 1101, and a... 

...from the EMM (underscore) inside (underscore) header. This information is
particularly sensitive and is consequently encrypted by both the public
key of DHCT 333, for privacy reasons, and the private key of the
entitlement agent or the conditional access authority, to apply a
digital signature. Upon reception, and after the privacy decryption, if
the signature verification fails, the EMM is discarded by DHCT 333.
Included in this information are an ID for the conditional access
system, the type of the CA message, the serial number of the
microprocessor in the DHCT's DHCTSE 627, an identifier for the CAA or EA
which is the source of the EMM, an indication of which of the three
public keys for the CAA in DHCT 333's secure element is to be used to
decrypt the sealed digest, and an indication. . .

Detailed Description
Publication Year: 1999

Detailed Description

the encryption system of the present invention uses symmetrical key
encryption techniques to encrypt and decrypt the service instance and
public key encryption techniques to transport a copy of one of the keys 
used in the symmetrical key techniques of the ... resulting encrypted 
streams are sent to MUX 200 to be combined with other elementary streams 
and private data, such as conditional access data. The key used in 
the Program Encrypt function 201 is called the Control Word (CW) 202. The 
CW 202 . . . 

...111.

MSK 208 and other parts of EMM 111 are preferably encrypted using a
public key algorithm, such as the well-known RSA algorithm, with a
public key associated with the specific set-top box 113 to which
the EMM is addressed. The public keys of all set-top boxes 113
in a system 101 are stored in Public Key Data Base 207. The public
keys in this data base are preferably certified by a certificate
authority. The digital signature function in 206 is preferably the RSA
digital signature method, although others could be used. In ... even-parity
control will be examined in more detail later.

EMM Structure Details: FIG. 11

FIG. 11 shows a CA message 805 which contains an EMM 1112. CA message
805 has a header 1003, a CA EMM message 1...

...is information from the EMM-inside-header. This
information is particularly sensitive and is consequently encrypted by
both the public key of DHCT 333, for privacy reasons, and the private
key of the entitlement agent or the conditional access authority, to



of one or all of the DHCT root signature 2804, the Root CAA signature
2808 or operator CAA signatures 2802 certified by the geo-political CA
signature. This is accomplished by having a certificate placed in a
database for each of the public keys associated with signatures 2804,
2808 and 2802.

Said certificate...

Detailed Description

. . . for certificates, the ECTS is a central certificate authority
performing public key generation, the issuance and renewal of keys and
certificates, and the manager of the certificate repository.

Linked with public key technology is the need for chip cards or smart
cards to securely store a private key to allow it to...

...but prevent its duplication. A goal for the ECTS is to foster the
development of a national and international open public key
certification infrastructure based on smart card technology. Finally, as
in the traditional payments world, there is a requirement to certify
hardware and software devices which interface with financial networks.
Given the many access options, such as browsers, PC software, kiosks,
ATM's, telephones and terminals, TV set-tops, personal digital
assistants, etc., the ECTS will set standards and operate a streamlined
and cost-effective certification process. The ECTS will provide value
added services to its members and their customers within a privacy
framework and will...

Publication Language: English
Fulltext Word Count: 4389

Patent and Priority Information (Country, Number, Date):

Patent: . . . 19981210

Fulltext Availability:

Detailed Description

Claims 
Publication Year: 1998 

Detailed Description 

. . . of the smart card may be considered to be a
part of the functionality of the set-top box thus removing the
"boundaries" created by the physical card body of the smart card.

STB 40 can receive services from a plurality of service
providers (SPs), such as a broadcast television SP 50, a cable
television SP 52, a satellite system SP 54, an internet SP 56, and an
electronic event guide SP 58. Certificate authority (CA) 75 is not
directly connected to either the service providers or STB 40 but
issues digital certificates and public and private key pairs which
are used as explained below. A set-top box public key is provided to
the manufacturers of the devices and is stored therein before the product
is shipped to the consumer. It is within the scope of this invention
that the role of certificate authority 75 may be performed by the



16 The combination of Claim 15 wherein the device is a set-top
box.

17 The combination of Claim 15 wherein the device is a digital
television.

18 In combination in a system. . .

...card coupled thereto,
said device performing the steps of:

(a) receiving an electronic program guide, said guide having a
digital certificate and a separate message corresponding to each event
in said guide, each of said digital certificates being encrypted using
a first private key of said guide, said separate message being encrypted
using a public key of the smart card and having an associated digital
signature created using a second private key of said guide;
(b. . .

Claims
Publication Year: 1998 

Detailed Description 
. . . invention, 

the first message comprises data associated with the first device and 
a date and time stamp, and the digital certificate comprises data 
associated with the second device and a second public key. 

In accordance with another aspect of the present
invention, the step of authenticating comprises decrypting the digital
certificate using a first public key; decrypting the first encrypted



..e) decrypting in said first device, using a first public key to
obtain said second public key, said encrypted digital certificate
received from said second device, said first public key being stored
in said first device;

(f) decrypting said first encrypted identification data using
said second public key to generate a first decrypted identification
data;

(g) authenticating said second device by comparing said first
decrypted identification data to...

. . second device second encrypted 
identification data, said second encrypted identification data being 
encrypted in said first device using said second public key of said 
second device; and 

(i) establishing a communication channel between said first 
and said second devices. 

11. In combination in a system for managing access between a
service provider and a set-top box having a smart card coupled
thereto, said set-top box performing the steps of:

(a) sending a first message to the smart card, said first
message containing set-top box identification data;

(b) receiving from the smart card, in response to said first
message, a first digital certificate encrypted using a first private
key, said first digital certificate containing service provider
identification data;

(c) authenticating the smart card in response to said first 
digital certificate; 

(d) contacting the... 

..said second message 
encrypted using a third private key; 

(g) authenticating the service provider in response to said 
second digital certificate and said second encrypted message; 

(h) providing confirmation of the authentication to the service 
provider; and 

(i) establishing a communication. . . 

..4. The combination of Claim 13 wherein said second digital 
certificate comprises second service provider identification data and a 
second public key of said service provider. 

15 The combination of Claim 14 wherein the step of authenticating 
the service provider comprises the steps of: 

(a) decrypting said second digital certificate in the set-top
box using said second public key;

(b) decrypting said encrypted second message using a third
public key to generate a second decrypted message; and

(c) comparing said second decrypted message to said second
message.

16 The combination of Claim 15 wherein said first public key, said
second public key, said first message and said second message are
stored in said set-top box.

17 The combination of Claim 16 wherein said first digital
certificate, said first private key and said first public key are
issued by an ...is stored in said smart card, with said service provider.
20 The combination of Claim 19 wherein said second digital
certificate is stored in said service provider.

Digital Video Broadcasting (DVB) applications) may be provided.

Whilst the receiver contains the necessary programs and a subsidiser
association master public key Pbkm (assumed, for economy of receiver
manufacture, to be common to all subsidisers), no information is
contained in the read. . .

...receiver he will also purchase a service package from the
subsidiser, for which he will be supplied a conditional
access module. The customer connects up the receiver and plugs in the
CA module. The following process now takes place.

The first step 100 is an initialisation process which is a 
cryptographically authenticated. . . 

Detailed Description

100, the MKS-RS 102, the MKS-PS 104 and every PS 106 in the system
will have its own public/private signature key pair. In addition, every
ECS 108, every ECS-RS 110, ...other secure chips 140. The last or
lowest level certificate will be a SC authentication certificate for the
cable decoder box 116. This certificate will indicate that the PS 106
recognized the public signature key of the cable decoder box 116,
and that the cable decoder box 116 is authorized to operate as a
cable decoder box 116.

Thus, the PS 106 is the authority with respect to this second
certificate, while the cable decoder box 116 is the subject. The
combination of these two authentication certificates provides indirect
authentication of the cable decoder box 116 by the MKS 100.

Abstract (Basic): US 20040117661 A1

NOVELTY - A digital media containing security code such as pin 
code, is received from a communication device such as personal computer 
(PC). The security code is translated to Internet protocol (IP) address 
corresponding to another communication device such as media processing 
system (MPS), so that the translated address remains anonymous to PC. 
The media is routed to the MPS, based on the IP address. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
(1) machine-readable storage medium storing computer program for
communication of information; and

(2) system for communication of information in communication
network.

USE - For communicating security information such as one-time
certificate, device identification (ID), public key, code and
device number between communication devices such as personal computer
(PC) e.g. desktop PC, laptop computer, handheld computer, personal
digital assistant (PDA) and other computing devices, media processing
system (MPS) e.g. set-top box (STB), and television and media
peripheral devices e.g. digital camera, digital camcorder, MP3 player, 
compact disk (CD) player, DVD player and windows media audio (WMA) 
player in communication network e.g. media exchange network. 



ADVANTAGE - Facilitates secure communication of information between 
the communication devices, by maintaining the address of specific 
communication device as anonymous to another device. 

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart 
illustrating the process of providing secure anonymity using proxy 
server on media exchange network, 

Abstract (Basic): US 20040107350 A1

NOVELTY - A selected digital bit stream comprising a packet
identifier for identifying video, audio and data stream, is encrypted
according to encryption process to provide the encrypted streams. The
encrypted streams are multiplexed to provide partial encrypted stream.

USE - For providing program in conditional access system e.g.
cable television (CATV) system for satellite television company or
cable television (CATV) company.

ADVANTAGE - Minimizes piracy concerns in the cable television
system. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram 
illustrating relationship between transaction encryption device and 
conditional access system. 

Abstract (Basic): EP 1271875 A1

NOVELTY - An authentication unit (114) of a source device (110)
authenticates a destination device (130) as a strongly protected
device, when a certificate for public key from the destination
device is verified successfully with available public key of a
certifying authority (CAPK). The destination device is authenticated
as weakly protected device, when the certificate is verified
successfully with locally available public key (SPK).

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) Remote device authentication method; and

(2) Computer program product for authenticating remote device.

USE - Scalable content protection enabled device such as
audio/video receivers and players, set top boxes, general purpose
computers, mobile telephones, Internet applications.

ADVANTAGE - By authenticating the devices as weakly protected and 
strongly protected devices, the data is transmitted securely between 
the devices. Hence, data transfer efficiency is enhanced. 

DESCRIPTION OF DRAWING (S) - The figure shows a schematic view of 
the scalable content protection enabled device. 

Source device (110) 

Authentication unit (114) 

Destination device (130) 

Abstract (Basic): US 20020095507 A1

NOVELTY - A challenge comprising an inactive random password is 
provided to a client computer from an authentication server (350) 
through an external server (310) . A digital certificate comprising an 
encrypted public key and a digital signature are obtained in 
response to the challenge from the client computer (300) . The random 
password is activated by the authentication server after verification 
of the challenge response. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following: 

(1) Password activation method in verification server; and 

(2) One-time password utilization method. 

USE - For obtaining and using one-time passwords for secure access 
to computer networks or systems that include a firewall, a VPN gateway
from user appliances such as notebook computers, TV set-top boxes
e.g. WEB TV game consoles e.g. PLAYSTATION, network computers, PDAs, 
WAP-enabled cellular devices, kiosks, computer-implemented wrist 
watches, wearable computers, kitchen appliances, surveillance 
equipment, pocket or portable displays or terminals, etc., for 
electronic mail servers, wireless application, secure distributed 
services access, embedded applications, financial transactions e.g. 
credit-card transaction system. 

ADVANTAGE - Provides one-time passwords for secure access to 
computer networks, and eliminates need for authentication server or 
external server to preregister a hardware 'key' or 'token'. Does not
require precise synchronization between devices. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram 
explaining the pre-authentication process. 

Client computer (300) 

External server (310) 

Authentication server (350) 

Abstract (Basic): EP 1148676 A2

NOVELTY - A detector detects change of layer structure of 
directory, which stores public key certificate information. Based 
on detection result, differential information corresponding to change 
is obtained and transmitted to network. The information relating to 
latest public key certificate and associated lapse information is 
stored in container and leaf entries of directory. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following: 

(a) Transmitting method; 

(b) Receiver; 

(c) Receiving method; 

(d) Transmitting and receiving system; 

(e) Transmitting and receiving method

USE - For cable television (CATV).

ADVANTAGE - Prevents wiretapping of information, manipulation or
pretension using public key infrastructure and operates encryption
communication with high efficiency. By processing the search request of
lapsed information of public key certification, the directory
server's efficiency is improved.

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart of 
encryption communication. 

pp; 53 DwgNo 26/28 

Title Terms: TRANSMIT; CABLE; TELEVISION; STORAGE; INFORMATION; RELATED;
LATE; PUBLIC; KEY; CERTIFY; INFORMATION; ASSOCIATE; LAPSE; INFORMATION;
LEAF; CONTAINER; ENTER; DIRECTORY
Derwent Class: W01; W02 

International Patent Class (Main): H04L-009/00; H04L-009/08; H04L-009/32 
International Patent Class (Additional): G06F-012/00; G09C-001/00 
File Segment: EPI 



5/5/6 (Item 6 from file: 350) 

DIALOG (R) File 350: Derwent WPIX 

(c) 2004 Thomson Derwent. All rts. reserv. 

013858827 **Image available** 

WPI Acc No: 2001-343040/200136 

XRPX Acc No: N01-248456 

Electronic transaction method for on-line shopping, involves encrypting 
the purchase/ service request from consumer and forwarding the request 
along with consumer public key and certificate 

Patent Assignee: GEN INSTR CORP (GENN ) 

Inventor: SAFADI R 

Number of Countries: 095 Number of Patents: 007 
Patent Family: 



Patent No      Kind  Date      Applicat No     Kind  Date      Week
WO 200115092   A2    20010301  WO 2000US21232  A     20000803  200136
AU 200063988   A     20010319  AU 200063988    A     20000803  200136
EP 1210694     A2    20020605  EP 2000950969   A     20000803  200238
                               WO 2000US21232  A     20000803
KR 2002021413  A     20020320  KR 2002702356   A     20020223  200264
CN 1421024     A     20030528  CN 2000814406   A     20000803  200357
JP 2003526840  W     20030909  WO 2000US21232  A     20000803  200360
                               JP 2001519377   A     20000803
BR 200013513   A     20030819  BR 200013513    A     20000803  200367
                               WO 2000US21232  A     20000803

Priority Applications (No Type Date) : US 99150679 P 19990825 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

WO 200115092 A2 E 49 G07F-000/00 

Designated States (National) : AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA 
CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP 
KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT 
RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW 
Designated States (Regional): AT BE CH CY DE DK EA ES FI FR GB GH GM GR 
IE IT KE LS LU MC MW MZ NL OA PT SD SE SL SZ TZ UG ZW 

AU 200063988 A G07F-000/00 Based on patent WO 200115092 

EP 1210694 A2 E G07F-007/08 Based on patent WO 200115092 

Designated States (Regional) : AL AT BE CH CY DE DK ES FI FR GB GR IE IT 
LI LT LU LV MC MK NL PT RO SE SI 

KR 2002021413 A G06F-017/60 

CN 1421024 A G07F-007/08 

JP 2003526840 W 34 G06F-017/60 Based on patent WO 200115092 

BR 200013513 A G06F-017/60 Based on patent WO 200115092 

Abstract (Basic): WO 200115092 A2

NOVELTY - A specific goods/service request is selected by consumer
terminal (145) using entertainment terminal (100). A purchase/service
request is encrypted and sent to transaction server (150) along with
consumer public key and certificate. Encrypted response including
transaction information is provided from the server to consumer
terminal. Response message is decrypted and the payment for purchase is
arranged.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
electronic transaction system.

USE - For on-line shopping, electronic commerce.

ADVANTAGE - Provides effective transaction security even in the
existing cable television networks, thereby promotes consumer
service.

DESCRIPTION OF DRAWING (S) - The figure shows block diagram of 
e-commerce system on which electronic transaction method is applied. 
Entertainment terminal (100) 
Consumer terminal (145) 
Transaction server (150) 

Abstract (Basic): WO 200045273 A1

NOVELTY - A secure processor (22) decrypts and authenticates the 
received encrypted message. Then, the secured processor determines 
whether the message is authentic and if so, the decrypted message is 
transferred to the host processor. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
method of providing secure processing in telecommunication system. 

USE - For authenticating encrypted message using public key
systems (PKS) also known as asymmetric system or crypto systems in
telecommunication system requiring secured transactions such as cable
telephony system, and banking application. Also in Internet, cable
television, satellite.

ADVANTAGE - The message can be decrypted, at the same time the 
signature is verified. So the speed is improved due to such parallel 
processing. No need to protect the certificates in secure memory, 
since they are already cryptographically protected with a digital 
signature. Some of the encrypted information can still be decrypted and 
transferred to the host. This is useful for service or trouble shooting, 
as where a key is expired and the secured processor gives notice of 
expiration date of key, certificate etc. Improves communication speed 
by using parallel processing. 

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart showing 
the basic steps of encrypted message authentication method. 

Abstract (Basic): WO 9963696 A1

NOVELTY - A processor is connected to an interface (210) for 
cryptographically processing the quantity received by an input 
interface. The processor uses unpredictable information to conceal 
correlation between externally monitorable signals and secret during 
processing of the quantity. 

DETAILED DESCRIPTION - An interface (210) receives the quantity to
be cryptographically processed. An information source produces
unpredictable information. The interface (210) outputs the
cryptographically processed quantity to a recipient. An INDEPENDENT
CLAIM is also included for the method for preventing leakage of
information from smart cards and other cryptosystems.

USE - For preventing information leakage from smart cards, 
cryptographic tokens, stored value cards and system, credit and debit 
cards, customer royalty cards, cryptographic accelerator, gambling and 
wagering system, cryptographic chips, tamper-resistant microprocessor, 
cryptographic PCMCIA cards for key management devices, banking pay 
management systems, secure web servers, electronic payment systems, 
micropayment systems and meters, prepaid telephone cards, identity 
verification systems, electronic funds transfer system, automatic 
teller machines, point of sale terminals, certificate issuance 
systems, electronic badges, door entry systems, physical locks using 
cryptographic keys, systems for decrypting television signals e.g. 
broadcast television, satellite television, cable television,
systems for decrypting enciphered music, system for protecting video 
signals, copy protection systems, cellular telephone scrambling and 
authentication systems, key storage device for telephones and 
cryptographic data auditing systems. 

ADVANTAGE - Protects information from external monitoring attacks 
by reducing signal to noise ratio of useful information leaked during 
processing. Prevents unauthorized copying or use of movies, audio 
content, computer programs, video games, images, text, databases etc. 

DESCRIPTION OF DRAWING (S) - The figure illustrates the information 
leakage prevention apparatus. 

Interfaces (210) 

pp; 34 DwgNo 2/2 
Title Terms: INFORMATION; LEAK; PREVENT; DEVICE; SMART; CARD 
Derwent Class: T01; T04; W01 

International Patent Class (Main): G06F-012/14; H04K-001/00 
International Patent Class (Additional): G06F-011/30 
File Segment: EPI 



5/5/9 (Item 9 from file: 350) 

012240108 **Image available**
WPI Acc No: 1999-046216/199904 
XRPX Acc No: N99-033716 

Conditional access system for set-top box - uses set-top box
to establish communication channel after authentication of service
provider and smart card using public and private key pairs and
digital certificate
Patent Assignee: THOMSON CONSUMER ELECTRONICS INC (THOH ); THOMSON
CONSUMER ELECTRONICS SA (THOH )
Inventor: ESKICIOGLU A M; VIRAG D E; WEHMEYER K R
Number of Countries: 082 Number of Patents: 012
Patent Family:



Patent No      Kind  Date      Applicat No   Kind  Date      Week
WO 9856179     A1    19981210  WO 98US11633  A     19980605  199904
AU 9877258     A     19981221  AU 9877258    A     19980605  199919
EP 986910      A1    20000322  EP 98925263   A     19980605  200019
                               WO 98US11633  A     19980605
BR 9809911     A     20000801  BR 989911     A     19980605  200043
                               WO 98US11633  A     19980605
CN 1259260     A     20000705  CN 98805839   A     19980605  200052
AU 732576      B     20010426  AU 9877258    A     19980605  200128
MX 9911219     A1    20000601  MX 9911219    A     19991203  200133
KR 2001013259  A     20010226  KR 99711251   A     19991201  200154
JP 2002503354  W     20020129  WO 98US11633  A     19980605  200211
                               JP 99502920   A     19980605
EP 986910      B1    20020814  EP 98925263   A     19980605  200255
                               WO 98US11633  A     19980605
DE 69807221    E     20020919  DE 607221     A     19980605  200269
                               EP 98925263   A     19980605
                               WO 98US11633  A     19980605
KR 374232      B     20030303  WO 98US11633  A     19980605  200349
                               KR 99711251   A     19991201

Priority Applications (No Type Date) : US 9748819 P 19970606 
Patent Details: 

Patent No      Kind Lan Pg  Main IPC      Filing Notes
WO 9856179     A1   E   26  H04N-007/167
   Designated States (National): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU
   CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR
   LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM
   TR TT UA UG US UZ VN YU ZW
   Designated States (Regional): AT BE CH CY DE DK EA ES FI FR GB GH GM GR
   IE IT KE LS LU MC MW NL OA PT SD SE SZ UG ZW
AU 9877258     A                          Based on patent WO 9856179
EP 986910      A1   E       H04N-007/167  Based on patent WO 9856179
   Designated States (Regional): DE FR GB IT
BR 9809911     A            H04N-007/167  Based on patent WO 9856179
CN 1259260     A            H04N-007/167
AU 732576      B            H04N-007/167  Previous Publ. patent AU 9877258
                                          Based on patent WO 9856179
MX 9911219     A1           H04N-007/167
KR 2001013259  A            H04N-007/167
JP 2002503354  W        29  G09C-001/00   Based on patent WO 9856179
EP 986910      B1   E       H04N-007/167  Based on patent WO 9856179
   Designated States (Regional): DE FR GB IT
DE 69807221    E            H04N-007/167  Based on patent EP 986910
                                          Based on patent WO 9856179
KR 374232      B            H04N-007/167  Previous Publ. patent KR 2001013259
                                          Based on patent WO 9856179

Abstract (Basic): WO 9856179 A

A smart card (30) is inserted into or coupled with a smart card
reader in a set-top box (20) and data are exchanged through an
internal bus (25). The smart card may be integrated into the box
connected to a service provider (40) via a dial-up link or direct link
(45) and a certificate authority (50) issues digital certificates
and public and private key pairs. Conditional access is based
on authentication of each device communicating with the set-top box
before establishing a channel to the service provider.

This is carried out using a public key stored in the box,
passing a message to the smart card containing identification data and
verifying the smart card has returned a valid certificate, involving
decrypting the first digital certificate using the public key.
After authentication, the desired provider is contacted and
confirmation of authentication is sent encrypted using the public
key. The box establishes a channel with the provider and communication
is then handled using public-key cryptology and the public and
private key pairs associated with the service provider.

USE - Providing of conditional access to set-top box
coupled to TV receiver

ADVANTAGE - Use of single set-top box with many service
providers

Conditional programme access method e.g. for television - encrypting
broadcast and checking user access status using messages with first part
containing public key and second part programme-specific encryption
information

Abstract (Basic): FR 2715256 A

The method includes assigning a specific control word (MCSi) acting
as an encryption key for each transmitted programme (Pi) derived from a
common encryption key (MCR) with diversification parameters (PDi). Each
program is scrambled using its own key. Right of access is checked by
two-part messages in which the first part (MCTAC) is common to all
programmes and contains an operator identifier (ID) and control common
encryption device (CMCR).

The second part contains the information specific to each program 
(MCTASi) . These messages contain the access conditions (CAi) for 
different programmes (CAi) chosen by the same operator, the 
diversification parameters and a cryptographic check element (RCi). 
This guarantees the integrity of the complete message formed by the 
first common part and the second specific part. 

USE/ADVANTAGE - E.g. radio, data transmission etc. Guarantees 
access to authorised users only. Reduced bit rate requirement for 
access control messages. 

Abstract (Basic): WO 9907149 A1

NOVELTY - The programs received by set top units are decrypted
using public or private keys provided by service providers or
central authorization agents. Keys used by set top boxes (113) for
selective decryption are public or private in nature and can be
reassigned at different times to provide a cable television system
with minimal piracy.

DETAILED DESCRIPTION - The cable television system uses a head 
end from which service programs are broadcast and several set top 
units for receiving the programs and selectively decrypting them for 
display to system subscribers. 

USE - For protecting information and more particularly systems for 
protecting information that is transmitted using wired or wireless 
medium against unauthorized access. 

ADVANTAGE - Provides access restrictions which are both more secure 
and more flexible than those in conventional systems. 

DESCRIPTION OF DRAWING (S) - The drawing shows a block diagram of a 
conditional access system, 
set top box (113) 

Abstract (Basic) : WO 9856180 A 

A conditional-access system includes a set-top box (400) 
having a smart card (420) coupled to a card reader and communicating 
with a billing centre (700) and also to many service providers (600) 
and to an electronic programme guide (580). The smart card could be 
integrated into the box for digital TV and lists of events from service 
providers could be accessed through the programme guide having a unique 
digitally signed and encrypted message associated with each event. 

After selection of a desired event from the programme guide, the 
corresponding digitally signed message is downloaded into the 
set-top box and the guide must be authenticated to ensure the message was 
received from the desired provider. Authentication involves decrypting 
the digital signal in the set-top box using the public key of 
the provider and requires a pre-existing agreement between the provider 
source and the manufacturer of the set-top box. After 
authentication, the message is decrypted in the set-top box and 
data of the channel identification, the date and time are used to 
update the user account. 

USE - Providing of conditional access to set-top box of 
digital TV receiving digital streams from various sources 

ADVANTAGE - Compensation of manufacturer for use of hardware to 
access selected service provider 

Abstract (Basic) : WO 9738530 A 

The method involves generating a random key (Ci) by a conditional 
access module (CAM) used in a pay TV system and transferring the key 
to a smart card. The key is encrypted in a first message using a 
public key. The smart card decrypts the encrypted message using a 
corresponding secret key to obtain the random key. 

The random key is used to encrypt and decrypt transmissions between 
the devices. Preferably, after decryption of the message, the smart 
card returns the random key in a second encrypted message with an 
authentication to the conditional access module. 

ADVANTAGE - Prevents switching between authorised and unauthorised 
devices. 

Dwg.2/2 

Title Terms: SECURE; COMMUNICATE; METHOD; PAY; TELEVISION; SYSTEM; GENERATE 
; TRANSFER; RANDOM; KEY; ENCRYPTION; MESSAGE; MESSAGE; CORRESPOND; SECRET 
; KEY; OBTAIN; RANDOM; KEY 

Derwent Class: P85; W02; W03 

International Patent Class (Main): H04H-009/00; H04N-000/00; H04N-007/16; 
H04N-007/167 

International Patent Class (Additional): G09C-000/00; H04K-000/00; 
H04L-009/00 

File Segment: EPI; EngPI 



11/5/16 (Item 16 from file: 350) 
DIALOG (R) File 350: Derwent WPIX 
(c) 2004 Thomson Derwent. All rts. reserv. 

010792383 **Image available** 
WPI Acc No: 1996-289336/199630 
Related WPI Acc No: 1995-353054; 1996-173232; 1996-211260; 1996-261833; 
2000-012066; 2000-115324; 2000-474732; 2000-654981; 2002-259220; 
2004-466660 
XRPX Acc No: N96-242825 

Crypt key system esp. for copyright protection or management in 
television broadcasting or online database - uses secret key and public 
key encryption methods as well as digital signature with crypt keys 
supplied through broadcast being optionally encrypted 

Patent Assignee: MITSUBISHI CORP (MITS) 
Inventor: SAITO M 
Number of Countries: 005 Number of Patents: 009 
Patent Family: 
Patent No       Kind  Date      Applicat No   Kind  Date      Week 
EP 719045       A2    19960626  EP 95119605   A     19951213  199630 B 
EP 719045       A3    19961016  EP 95119605   A     19951213  199648 
JP 8288940      A     19961101  JP 95346095   A     19951211  199703 
US 5740246      A     19980414  US 95573958   A     19951213  199822 
US 6182218      B1    20010130  US 95573958   A     19951213  200108 
                                US 97881533   A     19970624 
US 20020052850  A1    20020502  US 95549270   A     19951027  200234 
                                US 95573958   A     19951213 
                                US 97868488   A     19970603 
                                US 200113507  A     20011213 
US 6424715      B1    20020723  US 95549270   A     19951027  200254 
                                US 95573958   A     19951213 
                                US 97868488   A     19970603 
EP 719045       B1    20031029  EP 95119605   A     19951213  200379 
DE 69532028     E     20031204  DE 95632028   A     19951213  200404 
                                EP 95119605   A     19951213 

Priority Applications (No Type Date): JP 94309292 A 19941213; JP 94264200 A 
  19941027; JP 94299835 A 19941202 
Cited Patents: No-SR.Pub; 1.Jnl.Ref; EP 438154; EP 450841; EP 506435 
Patent Details: 
Patent No       Kind  Lan  Pg  Main IPC      Filing Notes 
EP 719045       A2    E    21  H04N-007/167 
   Designated States (Regional): DE FR GB 
EP 719045       A3             H04N-007/167 
JP 8288940      A          15  H04L-009/08 
US 5740246      A          18  H04N-007/167 
US 6182218      B1             H04L-009/00   CIP of application US 95573958 
                                             CIP of patent US 5740246 
US 20020052850  A1             G06F-017/60   CIP of application US 95549270 
                                             CIP of application US 95573958 
                                             Div ex application US 97868488 
US 6424715      B1             H04L-009/32   CIP of application US 95549270 
                                             CIP of application US 95573958 
                                             CIP of patent US 5740246 
EP 719045       B1    E        H04N-007/167 
   Designated States (Regional): DE FR GB 
DE 69532028     E              H04N-007/167  Based on patent EP 719045 


Abstract (Basic) : EP 719045 A 

The crypt key system includes a database (12) which is connected to 
a broadcasting system (11) and a charging centre (13). A user terminal 
(18) receives (14) the broadcast information and directly communicates 
(15) with the database. Communication can be via direct links or 
intermediate storage e.g. floppy disc. 

The database prepares a public-key and supplies it to the 
broadcast station which sends it by teletext. The key can include a 
digital signature. Users can encrypt the public key with their 
secret key and send it to the database. This decodes it with a private 
key and encrypts the data which is then sent to the user who is able to 
decrypt it. 

ADVANTAGE - For pay-per-view and video-on-demand systems. Also for 
online database system or electronic market. Defines concrete structure 
for applying the crypt key system to public access information systems. 

Abstract (Basic) : EP 715241 A 

A CPU, a read-only semiconductor memory, an EEPROM, a read-write 
memory are connected to a CPU bus. A system bus terminal is connected 
to the CPU bus. A data copyright management system program, a 
copyright management program and user information are stored in the 
read-only memory. 

A second private-key, a permit key, a second secret key, a 
copyright management are provided. Program and copyright information 
are stored in the EEPROM. Two public keys, a private key and an 
encryption key are transmitted to the read-write memory during 
operation. 

ADVANTAGE - Data copyright management appts. as multiprocessor 
configuration utilising SCSI bus or PCI bus is accomplished. 